In recent years, attacks on networks and servers using attack packets have been increasing. Most attack packets contain a forged transmission-source Internet Protocol (IP) address to conceal the actual transmission source.
The reasons are as follows. Firstly, an end user can set an IP address on a terminal; secondly, a communication destination terminal (a server) has no scheme for certifying the validity of a transmission-source IP address; and thirdly, a relay device (a router) has no scheme for recognizing through which interface (IF) it should receive a packet to be relayed. Consequently, the IP address of the communication destination terminal can easily be forged, and the source of an attack packet can hardly be traced.
Focusing on these three problems, Japanese Laid-open Patent Publication No. 2002-176454 discloses a conventional technology in which a relay device detects a packet containing a forged transmission-source IP address and discards the detected packet, thereby preventing attacks on a network or a server by attack packets.
The relay device disclosed in Japanese Laid-open Patent Publication No. 2002-176454 utilizes the following fact: a router searches a route table using the destination IP address of a received packet as a key and then relays the packet, so a terminal that transmits a packet containing a forged IP address does not receive packets addressed to the forged IP address.
The conventional technology (i.e., Japanese Laid-open Patent Publication No. 2002-176454) is described in detail below with reference to FIG. 19, a schematic diagram for explaining the conventional technology. In FIG. 19, a terminal 10 is assigned the IP address A with authorization, and a terminal 20 pretends to be assigned the IP address A. Each of the terminals 10 and 20 transmits packets to a server 50.
Firstly, a router 2 receives at least a predetermined number of packets having the same transmission-source IP address through a plurality of different interfaces (IF-α and IF-β) (see (1)). Secondly, the router 2 transmits a transmission-source inspection packet in which the IP address A is set as the destination IP address and an IP address of the router 2 is set as the transmission-source IP address (see (2)). As a result, the transmission-source inspection packet is delivered only to the terminal 10, which is assigned the IP address A with authorization, and not to the terminal 20, whose IP address is forged.
Thirdly, the terminal 10, having received the transmission-source inspection packet, returns a response to the router 2 (see (3)). Fourthly, the router 2 sets a filter entry that permits only packets containing the transmission-source IP address A that are received through the interface on which the response to the inspection packet arrived (IF-α in FIG. 19), and discards other packets containing the transmission-source IP address A that are received through other interfaces (IF-β in FIG. 19) (see (4)).
However, the above-mentioned conventional technology has a problem: when a filter is set, an authorized packet whose transmission-source IP address is not forged may be erroneously discarded.
FIG. 20 is a schematic diagram for explaining the problem with the conventional technology. In FIG. 20, the network has a redundant structure, and the terminal 10, which is assigned the authorized IP address A, communicates with both the server 50 and a server 60. According to the route control in the network, a packet transmitted from the terminal 10 to the server 50 reaches the server 50 via routers 4, 3, and 1, and a packet transmitted from the terminal 10 to the server 60 reaches the server 60 via the routers 4, 5, and 1.
When packets are transmitted from the terminal 10 to the servers 50 and 60 through the routes illustrated in FIG. 20, the router 1 receives packets transmitted from the terminal 10 via two interfaces, IF-α and IF-β.
Now assume that the terminal 20 forges the IP address A and transmits a packet to the server 50. Following the procedure described above, the router 1 sets a filter so that packets containing the IP address A as the transmission-source IP address are accepted only through IF-β. As a result, a packet transmitted from the terminal 10 to the server 60 and received through IF-α (i.e., an authorized packet in which the IP address A is not forged) is also discarded.
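To make the FIG. 20 failure mode concrete, the following Python simulation (an added example, not code from the publication) models the four-step filter procedure described above and replays the FIG. 20 traffic at router 1. The packet threshold and the ingress interface of the spoofing terminal 20 are assumptions, since the text gives neither.

```python
from collections import Counter

# Assumed stand-in for the patent's "predetermined number" of packets per
# interface; the publication gives no concrete value.
THRESHOLD = 2


class ConventionalRouter:
    """Simulation (not the patent's code) of the described filter logic: count
    each source IP per ingress interface, probe the address once it is seen on
    two interfaces, then permit it only where the inspection response arrived."""

    def __init__(self, probe_return_iface):
        # src_ip -> interface on which a response to an inspection packet
        # would arrive; this stands in for the route table and the reply path.
        self.probe_return_iface = probe_return_iface
        self.counts = Counter()   # (src_ip, iface) -> packets seen
        self.filters = {}         # src_ip -> the only permitted ingress iface

    def receive(self, src_ip, iface):
        # Step (4): an installed filter admits src_ip on one interface only.
        if src_ip in self.filters and self.filters[src_ip] != iface:
            return "drop"
        self.counts[(src_ip, iface)] += 1
        # Step (1): the same source IP has reached THRESHOLD on two or more
        # interfaces, which is the trigger for an inspection.
        hot = {i for (s, i), n in self.counts.items() if s == src_ip and n >= THRESHOLD}
        if len(hot) >= 2 and src_ip not in self.filters:
            # Steps (2)/(3): the inspection packet reaches only the legitimate
            # owner of src_ip, and the response returns on a single interface.
            self.filters[src_ip] = self.probe_return_iface[src_ip]
        return "forward"


def run_fig20_scenario():
    """Constructed FIG. 20 traffic at router 1: terminal 10 (owner of A) reaches
    server 50 via IF-beta and server 60 via IF-alpha; terminal 20 spoofs A."""
    router1 = ConventionalRouter(probe_return_iface={"A": "IF-beta"})
    traffic = [
        ("legit", "A", "IF-beta"),    # terminal 10 -> server 50
        ("legit", "A", "IF-alpha"),   # terminal 10 -> server 60
        ("spoofed", "A", "IF-alpha"), # terminal 20 -> server 50 (iface assumed)
        ("legit", "A", "IF-beta"),    # triggers inspection; filter A -> IF-beta
        ("legit", "A", "IF-alpha"),   # authorized packet to server 60: dropped
        ("spoofed", "A", "IF-alpha"), # attack packet: dropped
        ("legit", "A", "IF-beta"),    # authorized packet to server 50: forwarded
    ]
    outcome = Counter()
    for kind, src, iface in traffic:
        outcome[(kind, router1.receive(src, iface))] += 1
    return dict(outcome), dict(router1.filters)
```

The returned counters show one authorized packet to server 60 discarded alongside the attack packet, which is exactly the erroneous discard the redundant topology of FIG. 20 produces.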
Furthermore, in the conventional technology, when a route changes after a filter entry has been set by the above-mentioned method, e.g., when the route from the terminal 10 to the server 50 changes from one including the router 3 to one including the router 5, the filter entry is not necessarily updated automatically in synchronization with the route change, so an authorized packet may be discarded.
Besides, the device that responds to the transmission-source inspection packet is an end terminal (i.e., the terminal 10). Therefore, in the conventional technology, when the terminal 10 is shut down while the terminal 20 is carrying out an attack, it is difficult to identify the interface that receives packets transmitted from the terminal assigned the IP address A with authorization.
Thus, it is increasingly important to accurately discard only attack packets containing forged transmission-source IP addresses, without discarding authorized packets.